The Importance of Privacy Policies

Tech 101: Issue 5
By Traci Riley with Dan Schumack

A privacy policy is a legal notice providing information about how a website visitor's personal information will be used. When your website gathers such information, a privacy policy is something your company should strongly consider. We have one at Katalyst Solutions. It is important to us that we ensure our visitors' privacy, as we collect various types of information about our website visitors and the way they interact with our website. This data gathering enables us to improve our business and ultimately improve how we serve our customers.

We asked Dan Schumack of Schumack Ryals, PLLC to help us answer a few of the technical questions regarding privacy policies.

Why is a privacy policy important, both legally and from a customer trust perspective?

Some industries are required by law to maintain a privacy policy. These industries include banks, medical professionals, and many others. Most of the privacy regulations to which these industries are subject to apply on and off the internet.

If you are not within one of these regulated industries, your prospect marketing and customer retention may still benefit from a privacy policy if your target audience believes you should have one. The emerging trend on the internet, for example, is that any credible website will post some minimal standards for user privacy.

What are the legal risks in not having a privacy policy?

If you are in a regulated industry, you must have a privacy policy that covers all issues required under the regulations governing your industry. Failure to do so may result in fines or suspension of your business license.

If you are not in a regulated industry, you are under no obligation to have a privacy policy. This means you have no legal exposure for having no policy. Conversely, a poorly written policy creates potential liability every time you violate your own published policy.

When do you need to have a privacy policy?

Assuming you are not in a regulated industry, you never "need" to have a privacy policy. Do some market research to measure what your competitors are doing. But don't assume that your competitors have accurately gauged customer demand. You should also survey your existing customer base to measure its expectations. You should consider adopting a privacy policy only if you conclude that it will enhance your prospect marketing or customer retention.

What are the important components of a privacy policy? Do you have any tips on creating one?

It’s impossible to discuss components of a privacy policy because every industry has different needs. The best guidance on creating an effective privacy policy for your business is:

Don’t steal your policies from someone else's business. You may be liable for a copyright violation. You may also be stealing something that has no practical application to your business.

Don’t assume that your competitor's privacy policy meets your needs. You have no idea where your competitor obtained its policy or why it adopted particular text.

Don’t write it yourself unless you know what you are doing. If you hire an expert to write it for you, make sure the expert has actual expertise in writing policies for your industry or something closely analogous.

No privacy policy is better than a bad privacy policy.

While a privacy policy is required in certain industries, with others it isn't so much a requirement as it is a necessity to stay on top of the market. As more and more companies are "going green" to help out with the environment, privacy policies are becoming a part of common business practice. Website users are concerned about their privacy, and by applying a privacy policy, you are ensuring that personal information is kept private.

Do you have ideas for future newsletter topics? Let us know! {contactlink 1}.